Hackers directly email customers of immigration firm after damaging cyberattack

A prominent U.K.-based company offering immigration services and legal resources for those with international businesses warned officials in multiple countries that a recent cyberattack may have exposed sensitive customer information. 

Sable International, which has offices in the U.K., Australia and South Africa, released several statements this week about a “sophisticated” cyberattack that caused a range of issues. 

Perhaps the most striking: that the hackers behind the attack have been emailing customers about the incident, likely to put pressure on the firm to pay a ransom.

On Friday, a company spokesperson shared a statement with Recorded Future News explaining that the breach has been reported to “relevant regulatory and law enforcement authorities in SA and the UK.”

“The current results of our investigation show that, at this stage, a limited number of clients have had their personal data compromised. We have already contacted these clients and are working with them to help mitigate the risk posed by this incident,” they said. 

The attack forced the company to shut down its servers, website and transactional portals. As of Friday afternoon, the company’s website is still offline. 

The statement also acknowledged that the hackers have emailed customers, and urged them not to interact. 

Sable International CEO Reg Bamford said he was “devastated” by the attack and added that they are doing everything they can to protect the “interests and security” of their clients. 

Customers typically turn to Sable International to handle visas to the U.K. as well as international business registrations, tax filings and other corporate concerns that come with multinational organizations. 

The company has started an internal investigation and has a team responding to customer inquiries. 

On Wednesday, the BianLian ransomware gang took credit for the attack. The group is most known for its 2023 attack on global charity organization Save the Children International.

The group was also spotlighted by the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and Australian Cyber Security Centre (ACSC) in May 2023 after targeting multiple U.S. critical infrastructure sectors since June 2022.

Hackers have repeatedly gone after firms like Sable International because of how sensitive their operations are. 

A 2023 incident involving relocation firm SIRVA caused outrage in Canada after it was revealed that the data of some Canadian government employees — including current and former members of the Canadian Armed Forces and Royal Canadian Mounted Police personnel — was leaked during a cyberattack.